From 6c1dc1cc06f795c8a5883c369b870caa912cd2d7 Mon Sep 17 00:00:00 2001
From: SamarV-121 <samarvispute121@pm.me>
Date: Wed, 14 Sep 2022 09:15:40 +0530
Subject: [PATCH] sepolicy: Allow init to create xcap sockets

I auditd  : type=1400 audit(0.0:191): avc: denied { create } for comm="init" name="vendor.xcap" scontext=u:r:init:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=0

Change-Id: I44fade622638a8ea64afcb6569515ca2c231c84c
---
 basic/non_plat/file.te       | 2 ++
 basic/non_plat/file_contexts | 2 ++
 basic/non_plat/init.te       | 1 +
 3 files changed, 5 insertions(+)

diff --git a/basic/non_plat/file.te b/basic/non_plat/file.te
index 2479d32..e83328c 100644
--- a/basic/non_plat/file.te
+++ b/basic/non_plat/file.te
@@ -642,6 +642,8 @@ type thermal_hal_socket, file_type;
 # thermal core socket file
 type thermal_socket, file_type;
 
+type xcap_socket, file_type;
+
 # Data : 2021/08/24
 # Operaton: S development
 # Purpose: Add permission for node /proc/dma_heap
diff --git a/basic/non_plat/file_contexts b/basic/non_plat/file_contexts
index 42781a5..bd745a7 100644
--- a/basic/non_plat/file_contexts
+++ b/basic/non_plat/file_contexts
@@ -402,6 +402,8 @@
 /dev/socket/thermal_socket(/.*)? u:object_r:thermal_socket:s0
 /dev/socket/thermal_hal_socket(/.*)? u:object_r:thermal_hal_socket:s0
 
+/dev/socket/vendor.xcap(/.*)?         u:object_r:xcap_socket:s0
+
 /dev/stpant(/.*)?   u:object_r:stpant_device:s0
 /dev/stpbt(/.*)?    u:object_r:stpbt_device:s0
 /dev/fw_log_bt      u:object_r:fw_log_bt_device:s0
diff --git a/basic/non_plat/init.te b/basic/non_plat/init.te
index d99d170..5b907eb 100644
--- a/basic/non_plat/init.te
+++ b/basic/non_plat/init.te
@@ -146,3 +146,4 @@ domain_auto_trans(init, postinstall_file, update_engine)
 allow init sysfs_mtk_core_ctl:dir r_dir_perms;
 allow init sysfs_mtk_core_ctl:file rw_file_perms;
 
+allow init xcap_socket:sock_file create_file_perms;